
[bug-mailutils] imap: personal "shared" folders and ACL ...


From: Andreas Barth
Subject: [bug-mailutils] imap: personal "shared" folders and ACL ...
Date: Sat, 23 Apr 2005 20:27:51 -0000
User-agent: Mutt/1.5.6i

Hi,

I'll describe my wanted setup first and then what happened to me on
the way to that. Also, I'm quite new in using mailutils and imap, so
please forgive me if I went wrong.


I want to set up an imap server for multiple users, and some users have
access to role addresses to read mail - on those accounts, just
reading, and nothing more.

I was using the version of mailutils in debian/sid, that is 0.6.1. Of
course, my user base was just using virtual accounts.


My first consideration was to change the other namespace in a way that
it is per user (and add the possibility for ACLs to the namespace).
However, on closer looking, I noticed that I can just add symlinks to
the home directory, and that this works fine.

However, on an even closer look, I saw that the process runs with root
privileges - which is IMHO unnecessary for reading mails (especially
as my virtual users have uid/gids). Also, I noticed that imap4d is
always setgid mail (in the setup phase already), which means that it
is even in the case of using the real user database possible to extend
the access privileges (however, I didn't try that the hard way, but
with adding a symlink at the proper place, one should be able to read
mailboxes gid mail, and perhaps even any file "emulating" a maildir).


Now, to summarize for me, I'm still unsure what I should do. After
these tries, I tend to add a per-user file in some place (I'm not sure
if $home is a good place even for virtual users - perhaps something
like /etc/domain-virtual/$domain/$user is better), and read additional
directories and ACLs from there. On the user and group setup, I tend
to add mail as "hidden group" to the real group, and only get this
gid in cases needed, and otherwise, use the normal group. Also, I tend
on setuid to a fixed user in my local setup for virtual users, but for
general use, probably a more complex strategy is better.

Any comments on this are appreciated.


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C
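
Added example, not part of the original message and not mailutils code: a check that resolves symlinks before deciding whether a mailbox path is inside the user's home or one of the extra directories granted to that user, so that a symlinked "shared" folder only works when its target is explicitly listed. The function name `mailbox_path_allowed` and the idea that the per-user file yields a plain list of directory roots are assumptions made for illustration.

```c
#define _GNU_SOURCE            /* for realpath() under strict -std modes */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 if canonical path `p` is `root` itself or lies below it, else 0. */
static int is_within(const char *p, const char *root)
{
    size_t n = strlen(root);
    if (strcmp(root, "/") == 0)
        return 1;
    /* the separator test keeps /srv/mail/bob2 out of root /srv/mail/bob */
    return strncmp(p, root, n) == 0 && (p[n] == '\0' || p[n] == '/');
}

/* Hypothetical helper (not a mailutils function). `roots` stands for the
 * user's home plus the extra directories granted in a per-user file.
 * The decision uses the symlink-resolved path, so a link placed in the
 * home directory cannot widen access beyond the listed roots.
 * Returns 1 = allowed, 0 = denied, -1 = path cannot be resolved. */
int mailbox_path_allowed(const char *requested,
                         const char *const *roots, size_t nroots)
{
    char resolved[PATH_MAX], root[PATH_MAX];

    if (realpath(requested, resolved) == NULL)
        return -1;
    for (size_t i = 0; i < nroots; i++) {
        if (realpath(roots[i], root) == NULL)
            continue;           /* an unusable root grants nothing */
        if (is_within(resolved, root))
            return 1;
    }
    return 0;
}

/* Usage: ./mbxcheck <mailbox-path> <allowed-root>... */
int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s path root...\n", argv[0]);
        return 2;
    }
    int r = mailbox_path_allowed(argv[1], (const char *const *)&argv[2],
                                 (size_t)(argc - 2));
    puts(r == 1 ? "allowed" : r == 0 ? "denied" : "unresolvable");
    return r == 1 ? 0 : 1;
}
```

Resolving and opening are two separate steps, so this check complements running the session under a non-root uid; it does not replace it.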
